Security questions are a part of the internet, right up there with logins and passwords. No one thought much about them until
Sara Palin's Yahoo account was hacked because her security question was something stupidly easy to find online: "
Where did you meet your spouse?"
(UPDATE: which is apparently still being used as a security question)
So now security questions have been given the attention they deserve, but I still see supposedly knowledgeable websites (I'm looking at you
goodsecurityquestions.com) suggesting really poor security questions.
Because I hate the idea of people googling "
good security questions" and being offered poor questions like
"What is your oldest sibling’s birthday month? (e.g., January)" (Bet I can guess it in twelve guesses or less!) or
"Where does your nearest sibling live? " (Gee, hope you two aren't friends on each other's facebook or myspace, because it would only take a minute to find the answer), I've decided to post
actual good security questions and
why they're good questions.
A good security question will have the following characteristics:
1. Easy to remember, even 5 or 10 yrs from now
2. At least thousands of possible answers
3. Not a question you would answer on facebook, myspace, in a "
Fun Questions to Ask" survey, or in a article or interview
4. Simple one or two word answer
5. Never changes
Things to avoid:
1. Favorite foods, colors, etc: these change over time
2. Vehicle make and model: there's only so many types of cars, trucks, etc. Most people could rattle off the popular makes and models of a era rather easily
3. Birthdays: birthdays are poor because they're easy to find online, even siblings or parents, since most social networking sites will send out alerts to everyone when birthdays are approaching
4. What is family member's name or birthday: again, if they're family there's a good chance they're your friend on a social networking site, so this info would be easy to find
5. School name, location, etc: it is usually easy for someone to find out the area a person lives or grew up, and there's usually only so many schools in an area
6. First job location, name, etc: again, usually easy to find out where someone grew up, there's a limited number of popular first jobs, and this is a question you might answer in a "Fun Questions to Ask Friends" survey
7. What is color of....: poor question because there's only so many colors of vehicles, hair, etc, unless you got very specific like "
desert sand mica", even still friends and family would know the color and there might even be photos of your vehicle on your facebook, myspace, etc
So here's a list of questions I've come up with and why they are good questions:
What was the last name of your third grade teacher? |
It's unlikely that you answered this anywhere, teachers change over time and most schools will have multiple teachers for each grade |
What was the name of the boy/girl you had your second kiss with? |
first kiss seemed too obvious, unlikely you went into great detail online about your second kiss |
Where were you when you had your first alcoholic drink (or cigarette)? |
Again, unless you're a teenager and you posted online how excited you were for your first beer, it's unlikely you answered this anywhere. Use a specific location and avoid answers like home, school or work. |
What was the name of your second dog/cat/goldfish/etc? |
First pet's name is too obvious, but only use if your second pet isn't your current pet. |
Where were you when you had your first kiss? |
Great question, even if you talked about having your first kiss online it's unlikely you went into great detail about where you were. Just make sure the answer is short and not obvious like "homecoming dance" or the name of your high school |
When you were young, what did you want to be when you grew up? |
only use if the answer is not cop, doctor, firefighter or other very obvious answers |
Where were you when you first heard about 9/11? |
A little morbid, but most of us are probably not likely to forget the answer. Use a specific location, avoid answers like home, school, or work. |
Where were you New Year's 2000? |
Since myspace and facebook didn't exist in 2000 it's unlikely this is posted anywhere (unless you're a famous celebrity), but only pick this if the answer is not "at my parents house" and you were alive in 2000. |
What's John's (or other friend/family member) middle name? |
Since most people will not know who "John" is this would make a great question. You can also use their info for hard to guess security questions like "What was the name of John's first dog?" |
Who was your childhood hero? |
Since a childhood hero could be anyone this could be a good question as long as answer is not superman, my dad/mom or my brother/sister |
What is the first name of the person who has the middle name of Herbert? |
Tough question to answer. It is very unlikely you posted this anywhere, and since most people do not have their full names online this would make a great security question. |
Here's some questions that seem like they're good but they're really not. I found all of these security questions online labeled as "good" security questions
What was your childhood nickname? |
Very likely your friends and family know this, and you might have answered this in a "Fun Questions to Ask" survey |
What is your oldest sibling's birthday month and year (e.g., January 1900)? |
Even if someone just guessed there's only about 240 possible answers (20 yrs * 12 months a year), and if your oldest sibling is your friend on facebook or myspace this answer is very easy to find |
What is your oldest cousin's first and last name? |
If you're using this as a security question you're probably friends with your oldest cousin on facebook or myspace |
What is the first name of the boy or girl that you first kissed? |
You might have answered this in a "Fun Questions to Ask" survey, and your spouse and ex's probably know the answer to this. |
What is your youngest brother's birthday? |
Again, if you're using this as a security question you're probably friends with your oldest cousin on facebook or myspace |
What was the name of your elementary / primary school? |
it is usually easy for someone to find out the area a person lives or grew up, and there's usually only so many schools in an area |
What is the name of your grandmother's dog? |
This is a poor question for many reasons. First, you might have talked about this online ("went to grandma's and played with her dog Rex"). Second, which grandmother? Third, what if dog dies and she gets another one? Fourth, all of your family would know the answer. |
What are the last 5 digits of your driver's license number? |
I don't even know the answer to that, and if you someday move to another state it's very likely to change |
On which wrist do you wear your watch?
 |
This is so outrageously poor that it is laughable and I can't believe someone actually thought this was a good security question. How many possible answers are there? The scary thing is the person posting this then linked to goodsecurityquestions.com, which makes me wonder if they either got the question from there at some point or own the website. |
|
|
Well there you have it, if anyone uses any of these suggestions please let me know.